KPMG Legal Alert on Decree 13
On 17 April 2023, the Government issued the long-awaited Decree 13/2023/ND-CP on Personal Data Protection (“PDPD” or “Decree 13”), which will take effect from 01 July 2023.
The PDPD is amongst the Government’s initiative to strengthen the legal framework governing cyberspace, with focus on the data protection and cybersecurity obligations with respect to personal data processing activities.
Whilst PDPD has similar requirements compared to the European Union’s General Data Protection Regulation, there are some significant differences, such as requirements for cross border transfers, consent forms and impact assessment reports, and lawful basis for processing personal data. Companies that have privacy management practice and policies in place that are either GDPR-compliant or compliant with other privacy laws are not automatically granted a free pass as to compliance with Decree 13. With the effective date of 1 July 2023, businesses should begin reviewing their internal privacy management practices and policies immediately to identify gaps and a corresponding action plan.
KPMG would like to outline in the Legal Alert the key compliance requirements and actions businesses can take immediately to comply with PDPD.
Explore further to learn more about how KPMG can help: